Introduction to the Security Forum Jet Propulsion Laboratory California Institute of Technology 4800 Oak Grove Drive Pasadena, California 91109-8099 J.


1 Introduction to the Security Forum
Jet Propulsion Laboratory, California Institute of Technology
4800 Oak Grove Drive, Pasadena, California 91109-8099
J. Steven Jenkins, Ph.D., Principal Engineer
+1 818 354-6055
steven.jenkins@jpl.nasa.gov

2 What We Used to Do
- Security Standards Development
  - X/Open Basic Security Services (XBSS)
  - Common Data Security Architecture (CDSA)
    - With reference implementation
  - Authorization API (AZN API)
- Work on PKI
  - Architecture (APKI)
  - DCE/PKI Integration

3 Why We Don’t Do That Now
- Security standards development is well addressed by some other organizations
  - IETF, OASIS
- Some high-profile standards did not achieve the desired uptake and effect
  - CDSA, AZN
- There are significant challenges in security that are not being addressed anywhere on a systematic basis

4 Classical Security Analysis
- Classical model in a cartoon
  - Analyze threats
  - Analyze vulnerabilities
  - Analyze risks
  - Design and implement countermeasures
- What’s wrong with the classical model?
  - It starts with bad things to prevent
  - It assumes all risk is bad
  - The result often prevents good things

5 Our Model Is Different
- We believe that security exists to ensure that business gets done according to policy
- Policies are business-driven, for example:
- Comply with the law because you want to stay in business
- Respect your customers because you want to keep them
- Understand your risks and make business decisions about which to accept and how

6 Managing Risk
- Risk is not necessarily a bad thing
- Every business transaction carries risk
- Some ways to deal with risk
  - Disclaim it
  - Transfer it by contract
  - Hedge against it
  - Insure against it
  - Accept it
- Security helps you manage risk by design

7 Active Loss Prevention
- The Open Group has had an Active Loss Prevention Initiative for several years
- It provides a framework for addressing IT issues related to risk and loss in the context of law, insurance, and business
- The ALP Initiative is now integrated into the Security Forum
- A welcome addition because their aims are the same as ours

8 Summary
- Our mission is to bridge the gap between business objectives and traditional “security” technology
- Clear ways to talk about business security
- Analytical tools to turn objectives into design
- Identification of gaps in both understanding and technology
- What are the emerging requirements?
- Better understanding between buyers and suppliers of IT

